# Block an IP range of a whole country
March 6th, 2022
* Get a list of IP ranges as assigned to a country of your interest, e.g. from a free service of [IP2Location](https://www.ip2location.com/free/visitor-blocker).
* If it does not offer a format you need, take the CIDR version.
* If you're using the [Uncomplicated Firwall, ufw](https://wiki.ubuntu.com/UncomplicatedFirewall), convert CIDR to appropriate commands:
# for IPv4
while read p; do if [[ $p != \#* ]]; then echo "-A ufw-before-input -s $p -j DROP" >> output-ipv4.rules; fi; done < input-cidr-ipv4.txt
# for IPv6
while read p; do if [[ $p != \#* ]]; then echo "-A ufw6-before-input -s $p -j DROP" >> output-ipv6.rules; fi; done < input-cidr-ipv6.txt
* Include the rules in the ufw's `/etc/ufw/before.rules` and `/etc/ufw/before6.rules` files for the IPv4 and IPv6 entries respectively. Please note, they have to be added **after** the line `# End required lines` and **before** the `COMMIT` command.
* Ensure, you are not about to lock yourself out and reload the ufw by typing `ufw reload` or restart the service/host.
Please note, in most common setups **it does not affect** publicly available docker containers and forwarded packets (like in a VPN case). For that use case other tables are to be modified.
[Next: ESP8266 Power Considerations](/article_2022-05-19_ESP8266%20Power%20Considerations.html)
[Previous: Eavesdropped using Pegasus](/article_2022-01-13_Eavesdropped%20using%20Pegasus.html)